Security researchers at Cereblab discovered that SpaceXAI’s Grok Build command‑line interface was silently packaging and sending full codebases to Google Cloud. Their tests showed the tool ignored user‑specified exclusions and even transmitted files that had been removed from version history, exposing a breadth of data that far exceeds what comparable AI assistants, such as Claude Code, retain.

SpaceXAI responded by flipping a server‑side flag—"disable_codebase_upload: true"—that stopped the upload process. The company also announced that the feature would remain disabled while it investigated the issue. In a post on X, CEO Elon Musk promised that any data already collected would be "completely and utterly deleted," and reiterated that the platform’s privacy settings are intended to be respected.

Despite Musk’s assurances, independent security analyst Dr. Lukasz Olejnik of King’s College London called the level of data collection "excessive." He warned that the leaked material could contain proprietary source code, undisclosed security vulnerabilities, personal information, infrastructure diagrams, and authentication credentials—assets that could be highly valuable to competitors or malicious actors.

The company’s initial statement suggested that users could disable data retention with a "/privacy" command in the CLI. However, Cereblab clarified that the command only toggles per‑session retention and does not address the underlying upload mechanism. Consequently, the claim that the command fixed the problem was inaccurate.

Following the revelations, SpaceXAI halted the Grok Build upload feature and issued guidance for developers to monitor their repositories for unexpected traffic. The episode adds to a growing list of incidents where AI‑powered development tools have been scrutinized for privacy and security practices.

Industry observers note that while AI assistants promise productivity gains, they also raise new risks around data sovereignty and intellectual property protection. Companies deploying such tools may need to implement stricter audit trails and clearer user controls to avoid similar fallout.

Dieser Artikel wurde mit Unterstützung von KI verfasst.
News Factory APP - agentische News für besseres SEO & AEO.